CVE-2025-43904

Published: Jan 16, 2026Modified: Jan 26, 2026

4.2

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 1.6 / Impact: 2.5

Source: MITRE (Secondary)

Description

In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://lists.schedmd.com/mailman3/hyperkitty/list/slurm-announce@lists.schedmd.com/message/B73QHKW6TKE2T5KDWVPIWNE5H4KWX667/

Source: cve@mitre.org

https://www.schedmd.com/security-policy/

Source: cve@mitre.org

Timeline

No history available yet.